#Blue_Team
PersistenceSniper
Powershell script that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. The script is also available on Powershell Gallery.
https://github.com/last-byte/PersistenceSniper
@BlueRedTeam
#Red_Team
Certipy
Certipy is an offensive tool for enumerating and abusing Active Directory Certificate Services (AD CS).
If you're not familiar with AD CS and the various domain escalation techniques, I highly recommend reading Certified Pre-Owned by Will Schroeder and Lee Christensen.
https://github.com/ly4k/Certipy
Certipy 4.0: ESC9 & ESC10, BloodHound GUI, New Authentication and Request Methods — and more!: https://research.ifcr.dk/7237d88061f7
@BlueRedTeam
#Red_Team
ADenum
ADEnum.py is a pentesting tool that allows finding misconfigurations through the LDAP protocol and exploiting some of those weaknesses with Kerberos.
LDAP:
▫️ Enum Domain Admin users
▫️ Enum Domain Controllers
▫️ Enum Domain users with Password Not Expire
▫️ Enum Domain users with old password
▫️ Enum Domain users with interesting description
▫️ Enum Domain users with non-default encryption
▫️ Enum Domain users with Protecting Privileged Domain Accounts
Kerberos:
▫️ AS-REP Roastable
▫️ Kerberoastable
▫️ Password cracking with john (krb5tgs and krb5asrep)
https://github.com/SecuProject/ADenum
@BlueRedTeam
#Red_Team
BloodHound
BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory or Azure environment.
Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify.
Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory or Azure environment.
https://github.com/BloodHoundAD/BloodHound
Introducing BloodHound 4.2 — The Azure Refactor:
https://posts.specterops.io/1cff734938bd
Active Directory Enumeration: BloodHound:
https://www.hackingarticles.in/active-directory-enumeration-bloodhound/
@BlueRedTeam
#Cobalt_Strike
Cobalt Strike UDRL for memory scanner evasion.
Features
Easy to Use:
Import a single CNA script before generating shellcode.
Dynamic Memory Encryption:
Creates a new heap for any allocations from Beacon and encrypts entries before sleep.
Code Obfuscation and Encryption:
Changes the memory containing CS executable code to non-executable and encrypts it (FOLIAGE).
Return Address Spoofing at Execution:
Certain WinAPI calls are executed with a spoofed return address (InternetConnectA, NtWaitForSingleObject, RtlAllocateHeap).
Sleep Without Sleep:
Delayed execution using WaitForSingleObjectEx.
RC4 Encryption:
All encryption performed with SystemFunction032.
https://github.com/kyleavery/AceLdr
@BlueRedTeam
#Red_Team
List of Awesome Red Team / Red Teaming Resources. This list is for anyone wishing to learn about Red Teaming but who does not have a starting point.
https://github.com/0xMrNiko/Awesome-Red-Teaming
https://github.com/J0hnbX/RedTeam-Resources
https://github.com/A0RX/Red-Blueteam-party
@BlueRedTeam
#Red_Team
👺 Red team: Pentest two organizations at the same time.
• I would like to remind you about the useful webinar "Red team: Pentest with two contractors at the same time", where real examples of attacks are analyzed:
➖ Methods and tactics of physical penetration into the territory of the organization.
➖ Penetration into the company's perimeter from the outside, through IoT in the apartment of the organization's management.
➖ Gaining administrator access, including information security specialists through Active Directory, a client for MacOS (0-day)
➖ Hacking ACS and camera systems in a cafe.
➖ Installation of an eternal backdoor that could not be found even after reinstallation.
and much more...
@BlueRedTeam
#Red_Team
Caching the Un-cacheables - Abusing URL Parser Confusions (Web Cache Poisoning Technique)
https://nokline.github.io/bugbounty/2022/09/02/Glassdoor-Cache-Poisoning.html
HideProcessHook - DLL that hooks the NtQuerySystemInformation API and hides a process name
https://github.com/ryan-weil/HideProcessHook
@BlueRedTeam
#Red_Team
+ Practical Attacks Against NTLMV1
https://www.trustedsec.com/blog/practical-attacks-against-ntlmv1
+ Exploiting Laravel based applications with leaked APP_KEYs and Queues
https://mogwailabs.de/en/blog/2022/08/exploiting-laravel-based-applications-with-leaked-app_keys-and-queues
@BlueRedTeam
#Blue_Team
Elkeid - Cloud-Native Host-Based IDS to provide next-generation Threat Detection and Behavior Audition with modern architecture
https://github.com/bytedance/Elkeid
@BlueRedTeam
#Red_Team
+ Writing a simple rootkit for linux
https://0x00sec.org/t/writing-a-simple-rootkit-for-linux/29034
+ A Windows box with MSSQL injection in a PHP site, local and remote file includes, and LAPS
https://0xdf.gitlab.io/2022/09/17/htb-streamio.html
@BlueRedTeam
#Red_Team
+ Anonymously bruteforce AD usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)
https://github.com/lkarlslund/ldapnomnom
+ Relaying YubiKeys
https://cube0x0.github.io/Relaying-YubiKeys
+ Stealing Access Tokens From Office Desktop Applications
https://mrd0x.com/stealing-tokens-from-office-applications
@BlueRedTeam
#Blue_Team
Practical Guidance For IT Admins To Respond After Ransomware Attacks
https://m365internals.com/2022/09/19/practical-guidance-for-it-admins-to-respond-to-ransomware-attacks
@BlueRedTeam
#Red_Team
1. Kerberoast attack "pure python"
https://github.com/skelsec/kerberoast
2. A Guide to DNS Takeovers
https://blog.projectdiscovery.io/guide-to-dns-takeovers
3. Masquerade any legitimate Windows binary by changing some fields in the PEB structure
https://github.com/D1rkMtr/MasqueradingPEB
@BlueRedTeam
#Red_Team
+ Bypassing FileBlockExecutable in Sysmon 14.0: A Lesson In Analyzing Assumptions
https://www.huntandhackett.com/blog/bypassing-sysmon
+ Windows 11 Shift F10 Bypass and Autopilot privilege escalation
https://k4m1ll0.com/ShiftF10Bypass-and-privesc.html
@BlueRedTeam
#Red_Team
+ A tool for generating multiple types of NTLMv2 hash theft files
https://github.com/Greenwolf/ntlm_theft
+ Find dead-links
https://github.com/hahwul/deadfinder
@BlueRedTeam
#Red_Team
+ Car Hacking - Manual Bypass of Modern Rolling Code Implementations
https://labs.jumpsec.com/car-hacking-manual-bypass-of-modern-rolling-code-implementations
+ How To Attack Admin Panels Successfully
https://infosecwriteups.com/how-to-attack-admin-panels-successfully-72c90eeb818c
@BlueRedTeam
#Red_Team
+ Phishing With Chromium's Application Mode
https://mrd0x.com/phishing-with-chromium-application-mode
+ FUD-UUID-Shellcode
https://github.com/Bl4ckM1rror/FUD-UUID-Shellcode#compile
@BlueRedTeam
#Red_Team
+ Spoofing Calendar Invites Using .ics Files
https://mrd0x.com/spoofing-calendar-invites-using-ics-files
+ Opera Browser VPN Bypass
https://medium.com/@renwa/opera-browser-vpn-bypass-20877aaf08c0
@BlueRedTeam
#Blue_Team
+ PowerShell script to collect a packet trace with option to convert .etl to .pcap
https://github.com/dwmetz/QuickPcap
+ Zeroday MS Exchange Server checker
(Virtual Patching checker)
https://github.com/VNCERT-CC/0dayex-checker
+ Exchange On-premises Mitigation Tool v2 (EOMTv2)
https://microsoft.github.io/CSS-Exchange/Security/EOMTv2
@BlueRedTeam